DE3780070T2 - PIN CHECK TIME DETERMINATION COMPREHENSIVE CHIP CARD IDENTIFICATION SYSTEM. - Google Patents

Abstract

An IC (integrated circuit) card identification system (100) includes a comparator (26) for comparing a first identification number (PIN) entered by a card-holder with a second identification number (R-PIN), a storage memory (24) for storing at least the second identification number (R-PIN), a timer (25) for measuring a time lapse during a card-identifying operation, and a central controller (17) for controlling the timer (25) to set a first processing time period to be substantially equal to a second processing time period. During the first processing time period, the comparator (26) determines that the first identification number (PIN) is coincident with the second identification number (R-PIN) since the first identification number (PIN) has been entered. During the second processing time period, the comparator (26) determines that the first identification number (PIN) is incoincident with the second identification number (R-PIN) since the first identificaton number (PIN) has been entered.

Description

The present invention relates to an identification system for chip cards.

A conventional magnetic card is well known as such an object identification system. The magnetic card has a magnetic coating strip on which a key code, a secret number, an account number, etc. are magnetically recorded. These magnetically recorded contents, e.g. the key code, are known at least to the bank personnel, since a cardholder must disclose his key code to the bank. Moreover, the magnetically recorded information can be accessed relatively easily by anyone. In view of such easy accessibility, the private secret information on the conventional magnetic card cannot be reliably kept secret.

Instead of a conventional magnetic card, a chip card with an IC module (IC = integrated circuit) was recently proposed in FR-A-2471003. Accordingly, no one can easily gain access to the secret information stored in the IC module.

Although it is very difficult to read the secret information from the chip card, there is no way to identify the authorized cardholder if the chip card is counterfeit.

Since security in use is extremely important, the validity of such a chip card has been identified in the following way to prevent unauthorized use of the chip card. That is, when the chip card is used to purchase an item or the like is inserted into a card terminal and the private identification number "PIN" (personal identification number) is entered in this state to compare it with the registered PIN "R-PIN" already stored in the chip card. If the entered "PIN" matches the registered "R-PIN", the chip card is released for use by the cardholder. On the contrary, if there is no match, a re-entry of the "PIN" is allowed for a certain number of repetitions, e.g. five. If the "PIN" does not match the "R-PIN" even after a predetermined number of repetitions of the "PIN" re-entry, this chip card is invalidated or rejected for use.

According to the above-described identification method for a conventional card, if the "PIN" and the "R-PIN" coincide, the processing routine in the IC card can soon proceed to the next processing step. However, if these numbers do not coincide, a repetition number "RTN" is incremented by only +1, and at the same time, a device must be provided for determining whether the "RTN" number has reached a predetermined number or not and the like, so that it takes a while to proceed to the next processing step. As explained below, in the two cases, namely, if the input "PIN" coincides with the registered "R-PIN" and if the former does not coincide with the latter, a difference is internally created between the number of processing steps. As a result, the time periods required for these processing steps differ from each other. This assumes that if the time period of data transmission to the next processing step is somehow tracked by a person who illegally and experimentally tries to determine the PIN by drawing his attention to such a time difference, It may be easy for them to determine whether the result of the comparison of the input "PIN" and the registered "PIN" is correct or not.

Therefore, an illegal investigation can reveal the "PIN", so that the security of the chip card is significantly compromised and there is a risk that an illegal use of the chip card will ultimately succeed.

The present invention has taken the above problems into consideration and has as its object to provide a smart card identification system in which illegal decryption of the personal identification number can be completely blocked, illegal use of the smart card can be prevented, and security of card use can be improved.

This object of the invention is achieved by providing an identification system for chip cards, which comprises a device for comparing a first identification number entered by a card holder with a second identification number previously stored in the chip card in order to determine whether this first identification number matches the second identification number, as well as a storage device for storing at least the second identification number, a device for measuring a time elapsed during a card identification process, and a device for controlling the time measuring device in order to set a first processing time period substantially equal to a second processing time period, the first processing time period being defined by a first duration after the card holder enters the first identification number during which the comparison device determines that the first identification number matches the second identification number, and a second processing time period is defined by a period during which the comparison device determines that the first identification number entered by the cardholder does not match the second identification number.

For a better understanding of the present invention, reference is made to the following description in conjunction with the drawings.

Show it:

Fig. 1 is a schematic block diagram of the entire chip card identification system according to the invention;

Fig. 2 shows a memory distribution of the memory shown in Fig. 1;

Fig. 3 is a flow chart for explaining the card identification system shown in Fig. 1; and

Fig. 4 is a schematic block diagram of the scrambler in the identification system shown in Fig. 1.

BASIC IDEA

The basic idea of the smart card identification system according to the present invention is as follows. In this smart card identification system, the personal identification number (PIN) entered into the smart card via the card terminal is compared with the registered personal identification number (R-PIN) previously stored in the smart card. Then, based on the comparison result, it is determined whether these numbers match or not. If they do not match, a re-entry process of the "PIN" is performed. allowed and the number of retries is counted. It is judged whether the retry number has reached a predetermined number or not. If it has reached the predetermined number, then the use of the smart card is invalidated. This smart card identification system has the following feature: A first processing time period is defined by a time period required to process the steps from the input of the "PIN" to the output of a signal representing the agreement of the comparison result. A second processing time period is defined by another time period required to process the steps from the input of the "PIN" to the output of a non-agreement signal, and iteration steps including the time for the step of counting up the input retry number of the "PIN" and the time for the step of determining whether the retry number has reached the predetermined number or not. It is judged that the first processing time period is substantially equal to the second processing time period. Moreover, both processing time periods are constant in terms of elapsed time.

STRUCTURE OF THE CHIP CARD

Fig. 1 shows a circuit structure of the chip card 100 according to the invention. In a circuit, a system bus line 11 is used. As shown in the circuit diagram, connected to the system bus line 11 are: a response-to-reset data ROM 12; application ROM 13; test program ROM 14; system program ROM 15; work RAM 16; central control unit 17; memory read/write controller 18; decryptor 19; input controller 21 via input buffer 20; and output controller 23 via output buffer 22. The data input/output terminal 1/0 is connected to input controller 21 and output controller 23. Response-to-reset data ROM 12 stores various operation status data for an IC card 100. For example, ROM 12 stores the data regarding data writing, power supply voltage, maximum current, maximum power supply voltage, maximum data transfer amount, maximum response waiting time, and the like. After completion of self-initialization of IC card 100, these status data are transmitted to a card terminal (not shown) as response-to-reset data according to a predetermined format.

Application ROM 13 stores card classification data "APN" indicating the type of smart card 100. After initial parameters are set based on the response-to-reset data, card classification data is transmitted according to a predetermined format after exchanging attribute data with the card terminal.

Test program ROM 14 stores the program for performing the card test routine.

System program ROM 15 stores not only various system programs but also a code signal "ACK" or "NAC" that indicates whether a signal transmitted from the card terminal is correct or not.

Working RAM 16 stores various processing data used in chip card 100.

Central control unit 17 issues operating commands to various circuits in response to a data reception signal supplied from the card terminal through an input buffer 20 and in response to the operating conditions.

Memory read/write controller 18 controls the data write/read operations to/from memory 24 in response to a command from central control unit 17.

Decryptor 19 decrypts, based on a predetermined algorithm, the input data supplied from the card terminal through input buffer 20 using a private key code "PRK" or the like from the secret data zone 243 in the memory 24.

Timer 25 is connected to the central control unit 17. Timer 25 operates to preset the time required to perform the card identification process to a predetermined time. Before the entry of the "PIN" begins, this predetermined time is set in response to a command from the central control unit 17. When the "PIN" is entered, timer 25 begins its count. After a predetermined time has elapsed, timer 25 stops the operation of the central control unit 17. It is to be noted that this predetermined time set in timer 25 is determined by taking into account the maximum time required to identify the "PIN".

The contents of memory 24 readable by controller 18 are applied to one input terminal of comparator 26. The input data decoded by decoder 19, the data stored in working RAM 16 and the specific code stored in data ROM 12 are applied to the other input terminal of comparator 26. The comparison output of comparator 26 is sent to a central control unit 17.

If a chip card system with the circuit arrangement described above is loaded into a card terminal (not shown), a reset signal "Reset" and a system clock "Clock" are applied from the card terminal to the chip card 100 and at the same time a voltage source Vcc and a voltage source Vpp are connected to it. The voltage source Vcc is used to drive the smart card system. The power source Vpp is used to write data into the memory 24. The power supply voltage Vpp is set in the card terminal based on the response-to-reset data stored in the data ROM 12. On the other hand, a system operation signal of system clock "Clock" is applied to various circuits in the smart card system via a frequency divider 27. Thus, a frequency-divided clock "φ" is derived from the frequency divider 27.

MEMORY ALLOCATION OF MEMORY

In the preferred embodiment, as shown in Fig. 2, the memory 24 consists of a zone address table 241, a public data zone 242, a secret data zone 243, a transaction data zone 244 and a credit data zone 245. The zone address table 241 stores a predetermined zone address as test data used for, for example, identifying the smart card. The identification data is read out from a predetermined data zone based on the address data and then identified with the test data described above, thereby performing the card identification. The open data zone 242 stores open data. The secret data zone 243 stores, for example, the registered personal identification number "R-PIN", the data retry number "RTN", the personal initialization identification number "I-PIN" used until the personal identification number "PIN" is used, the account number "PAN" (Primary Account Number), the decryption key "PRK" (Private Key Code), and the like. The transaction data zone 244 stores various data related to the normal transaction. The credit data zone 245 stores the data related to the credit transaction, e.g., data such as an approval for a credit transaction.

PIN IDENTIFICATION SYSTEM

The operation of the smart card system will now be described with reference to the circuit diagram of Fig. 1 and a flow chart shown in Fig. 3.

CARD INITIALIZATION

The operation of the chip card 100 after it is loaded into the card terminal (not shown) until the personal identification number "PIN" is entered in this state, i.e., the card initialization operation, will first be briefly described. In this case, when the chip card 100 is inserted into the card terminal, an initialization signal previously set in the card terminal is transmitted to the chip card 100. Then, the chip card 100 is put into operation in the operating state based on this initialization signal. Specifically, the response-to-reset signal stored in the data ROM 12 is read out under the control of the central control unit 17 in the chip card 100. This response-to-reset data is sent from the I/O terminal to the card terminal via the output controller 23.

If it is determined that the response-to-reset data sent to the card terminal is correct, then the specific operating conditions for use only in the IC card are set and at the same time an inquiry code "ENQ" is sent back to the IC card. This "ENQ" code is written into the working RAM 16. In this state, a check is made in the central control unit 17 as to whether or not the "ENQ" code can be legally received in normal operation. If the answer is YES, then "ACK" is derived from the system program ROM 15. If NO, the signal "NAC" is derived from ROM 15. The signal "ACK" or "NAC"is then sent to the card terminal through output buffer 22 and output controller 23. When the signal "ACK" is received from the card terminal, a terminal code "TC" which differs depending on the classification of the card terminal is returned. On the other hand, when the signal "NAC" is received, the card terminal is disconnected from the smart card 100. When the terminal code "TC" is sent from the card terminal, an application name "APN" stored in the application ROM 13 in the smart card 100 is read out under the control of the central control unit 17. This application name "APN" differs depending on the classification of the card. Thus, the read out application name "APN" is once held in output buffer 22, and then sent back to the card terminal. Then, when it is determined in the card terminal on the basis of "APN" that the application type matches the content of "APN", an instruction code is returned. On the other hand, if there is a mismatch, the connection between the card terminal and the chip card is interrupted.

Upon receipt of such an instruction code, the card terminal will allow the entry of the "PIN".

PIN IDENTIFICATION

In this state, the processing goes to step A1 in the flow chart shown in Fig. 3. In step A1, timer 25 is set by a command sent from central control unit 17 of Fig. 1 before input of "PIN". In this case, time data to be set in timer 25 is derived from system program ROM 15.

Then, when the "PIN" is entered via a keyboard provided on the card terminal (not shown), this "PIN" is transmitted from the I/O terminal of the chip card 100 via the input control 21 to input buffer 20. Simultaneously with the start of the input of the "PIN" at this time, timer 25 starts its count as defined in step A2. Then it goes on to step A3.

From step A2, the first and second processing time periods described above begin.

In step A3, when it is confirmed by the central control unit 17 that the "PIN" has been input, the "PIN" held in the input buffer 20 is applied to the comparator 26, and at the same time, a read command for reading the "R-PIN" from the secret data zone 243 in the memory 24 is given to the memory read/write controller 18.

The "R-PIN" is read out from the secret data zone 243 by controller 18 and applied to comparator 26. Comparator 26 compares the input "PIN" as sent from the card terminal with the registered "R-PIN" as read out from memory 24. The result of this comparison is sent to central control unit 17. In this case, if the "PIN" matches the "R-PIN", the processing proceeds to step A4, where the content of the retry number "RTN" of the secret data zone 243 in memory 24 is set to "0". Thereafter, in the next step A5, a match command for the input "PIN" is transmitted to output buffer 22. After that, the operation proceeds to step A6.

In step A6, a check is made as to whether the counted time of timer 25 exceeds a preset time or not. If the answer is NO, then the state of step A6 is maintained. After that, if the counted time of timer 25 has passed the preset time, it goes to step A7 where the counting operation of timer 25 is stopped. Then, in the next step A8, the content of output buffer 22 is transferred to the card terminal. Subsequently, transaction processes such as money transactions and the like are carried out in the card terminal.

As described above, the time period between when the PIN is entered in step A2 and timer 25 is stopped at step A7 is defined as the first processing time period. The first processing time period is always constant and does not change with the use of the card over a period of time.

The second processing time period is now described. The second processing time period also does not change during the life of the card.

If it is decided in step A3 that the entered "PIN" does not match the "R-PIN", then the processing proceeds to step A9.

In step A9, the data retry number "RTN" in the secret data zone 243 of memory 24 is incremented by only 1 and the new retry number is rewritten in the secret data zone 243. In the next step A10, a check is made as to whether or not the new data retry number "RTN" has reached a predetermined number "n". If it is less than the predetermined number "n", then the processing goes to step All and a mismatch command for the "PIN" is transmitted to the output buffer 22.

In the next step A6, a check is simultaneously carried out to see whether the counted time of timer 25 has missed the preset time described above. If the answer is NO, then the state of step A6 is also maintained. Then, if the preset time of timer 25 has elapsed, the operation goes to step A7 to stop the counting operation of timer 25.

The second processing time period is defined to include the time from when the PIN is entered in step A2, the event command is transmitted in step A11 and the timer 25 is stopped in step A7.

In the next step A8, the content of output buffer 22 is transferred to the card terminal. Thereafter, the card terminal displays a message on the display section (not shown) of the terminal to request the cardholder to re-enter the "PIN". In this state, when the "PIN" is re-entered, the processing operations similar to those mentioned above are repeated. On the other hand, if it is determined in step A10 that the data retry number is equal to a predetermined number "n" (e.g., five) or more, the processing goes to step A12 where the counting operation of timer 25 is stopped. In the next step A13, the use of the smart card is invalidated and the smart card 100 is then ejected from the card terminal. In other words, the use of the smart card 100 is refused.

ADDRESS SCRAMBLER

In order to further improve the security of various types of data, e.g. "PIN" temporarily stored in the smart card 100, according to the invention, a scrambler 180 is introduced into address lines to the memory 24, whereby the write/read operations of various types of data into/from the memory are performed by changing the write/read addresses to memory addresses different from the command addresses. Such improvement of data security is the ultimate goal of the invention.

Specifically, scrambler 180 is provided in memory read/write controller 18. Scrambler 180 is composed of latch sections 182 and 183 having, for example, eight address lines ADI₀ to ADI₇, and memory section 184 formed of a mask ROM or the like for receiving the outputs of latch sections 182 and 183. Memory section 184 performs predetermined scrambling processing and outputs the scrambled data to memory 24 via eight address lines ADX₀ to ADX₇. The addresses to memory 24 are scrambled by scrambler 180, thereby making the original addresses and the scrambled addresses different.

The detailed operation of Scrambler 180 will now be explained.

First, when the 8-bit address data consisting of four upper bits and four lower bits is input to the address lines ADI₀ to ADI₇ in response to a write command from a CPU, i.e., the central control unit 17, this address data is once held in the holding memory areas 182 and 183. Thereafter, the 8-bit address data is applied to the memory section 184 in response to a write command from the central control unit 17. The memory section 184 stores other address data output to address lines ADX₀ to ADX₇ for memory 24 corresponding to the former address data input from address lines ADI₀ to ADI₇. It is understood that the former address data input to the address lines ADI₀ to ADI₇ is the so-called "original address" data, while the latter data output to address lines ADX₀ to ADX₇ is the so-called "encrypted address" data.

In the preferred embodiment, when "0" is input to the address line ADI₀, "1" is output to the address line ADX₄. When "1" is input to the address line ADI₁, "1" is output to the address line ADX₂. When "0" is input to the address line ADI₂, "1" is output to the address line ADX₁. When "0" is input to the address line ADI₃, "1" is output to the address line ADX₃. When "0" is input to the address line ADI₃, "1" is output to the address line ADX₃. When "1" is input to the address line ADI₅, "1" is output to the address line ADX₅. When "0" is input to the address line ADI₆, "1" is output to the address line ADX₆. When "0" is input to the address line ADI₆, "1" is output to the address line ADX₆.

In the final product of this embodiment, scrambler 180 is masked and its internal portion cannot be seen from the outside at all. In other words, after removing the external protective part of smart card 100, the IC module of the other circuit elements can be observed. However, the IC chip of scrambler 180 is set so that it cannot be seen even in this state because it is masked.

The scrambling method defined above is not exclusively limited to this method, but other scrambling methods can obviously also be used.

As a result of the scrambling process described above, the address data (encrypted address) input to the address lines ADI₀ to ADI₇ is changed to the completely different address data (original address) and output to the memory 24 via address lines ADX₀ to ADX₇. Therefore, when data is written to the memory 24, the data is written to addresses which are completely different from the addresses corresponding to the instructions on the CPU, ie the central control unit 17.

In this case, as a practical example, assume that the CPU has written data to addresses 3B(H) to 41(H) in memory 24, then the address data actually received by memory 24 is changed so that 3B(H) is changed to 67(H), 3C(H) to 71(H), 3D(H) to 61(H), 3E(H) to 75(H), 3F(H) to 65(H), 49(H) to 9B(H), and 41(H) to 8B(H).

Although the writing of data into the memory section is described above, the same scrambling method is also applied to the data reading process.

Therefore, in the above-mentioned scrambler structure, by interposing the scrambler in the address lines between the central control unit 17 and the memory section 184 for transmitting the input address data for the memory, the write/read operations of data into/from the memory 24 are performed for the output memory addresses different from the input addresses according to instructions from the CPU without changing the program. For example, even if continuous addresses are given from the CPU to instruct writing of data into the memory 24, the data is written in the memory 24 based on the discontinuous addresses. Thus, even if the contents of the memory 24 are illegally read out in an illegal attempt, the contents of the memory 24 are not recognizable, and an attempt to illegally analyze the memory contents can be prevented. This means that the illegal use of chip card 100 can be reliably prevented and the security of the use of the chip card can be significantly improved.

As described in detail above, according to the smart card identification system of the invention, even in any case of agreement or non-agreement of the personal identification number "PIN" input from the card terminal with the registered personal identification number "R-PIN" previously stored in the smart card, the first and second processing time periods required for the agreement/non-agreement operations can be set to substantially the same time periods using the timer. Therefore, it is possible to eliminate the traditional problem that the "PIN" can be decrypted by knowing the difference between the processing time periods when the result of the card identification indicates the agreement and when it indicates the non-agreement. Therefore, an attempt to illegally decrypt the "PIN" can be prevented and illegal use of the smart card can be safely avoided. Therefore, the security in using the card can be greatly improved.

Claims (7)

1. Chip card identification system (100), comprising: a device (26) for comparing a first identification number (PIN) entered by a cardholder with a second identification number (R-PIN) previously stored in the IC card to determine whether the first identification number (PIN) matches the second identification number (R-PIN); a storage device (24) for storing at least the second identification number (R-PIN); a device (25) for measuring the time elapsed during a card identification process; and means (17) for controlling the time measuring device (25) to set a first processing time period so as to be substantially equal to a second processing time period, the first processing time period being defined by a first duration after the cardholder has entered the first identification number during which the comparison device (26) determines that the first identification number (PIN) matches the second identification number (R-PIN), and the second processing time period being defined by a second duration during which the comparison device (26) determines that the first identification number (PIN) entered by the cardholder does not match the second identification number (R-PIN). 2. System (100) according to claim 1, characterized in that the storage device (24) further stores the repetition numbers (RTN) indicating how often the first identification number (PIN) was entered by the cardholder when the comparison device (26) determines that the first identification number (PIN) does not match the second identification number (R-PIN). 3. System (100) according to claim 2, characterized in that 5 (five) was chosen for the number of repetitions. 4. System (100) according to claim 1, characterized in that it further comprises a device (12, 13, 14) for pre-storing initialization data, by means of which the initialization of the chip card identification system (100) is carried out. 5. System (100) according to claim 1, further characterized by: an encryption device (180) coupled to the storage device (24) for encrypting the first addresses sent by the device (17) to generate second addresses that are different from the first addresses, the second addresses being sent to the storage device (24). 6. System (100) according to claim 5, characterized in that the encryption device (180) comprises: a raster device (182; 183) for rasterizing the first addresses transmitted by the device (17) and outputting them in response to read/write commands; and a storage area (184) for storing the second addresses with respect to the first addresses and for outputting the second addresses to the storage device (24) when the first addresses are transferred from the raster device (182; 183). 7. System (100) according to claim 6, characterized in that the first and second addresses are 8-bit addresses.